Section: .. / 0605-advisories /
| /// File Name: |
FLSA-2006-185355.txt |
Description:
|
Fedora Legacy Update Advisory FLSA:185355 - Tavis Ormandy discovered a bug in the way GnuPG verifies cryptographically signed data with detached signatures. It is possible for an attacker to construct a cryptographically signed message which could appear to come from a third party. When a victim processes a GnuPG message with a malformed detached signature, GnuPG ignores the malformed signature, processes and outputs the signed data, and exits with status 0, just as it would if the signature had been valid. In this case, GnuPG's exit status would not indicate that no signature verification had taken place. This issue would primarily be of concern when processing GnuPG results via an automated script.
| | Homepage: | http://fedoralegacy.org | | File Size: | 6542 | | Last Modified: | May 17 17:46:33 2006 |
| MD5 Checksum: | 76c3673374611c1455a5420db48eba48 |
|
| /// File Name: |
frontrange.txt |
Description:
|
A vulnerability has been found in FrontRange's iHeat product that allows users to gain access to the host machine through a logged on session or execute arbitrary code while using the active-x version of the product.
| | Author: | mcdanielar | | File Size: | 906 | | Last Modified: | May 22 00:53:45 2006 |
| MD5 Checksum: | 3930de7b6639f468bad899da506e7944 |
|
| /// File Name: |
genecysbof.txt |
Description:
|
Genecys versions 0.2 and below suffer from a buffer overflow and a NULL pointer crash.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | genecysbof.zip | | File Size: | 3569 | | Last Modified: | May 21 20:47:37 2006 |
| MD5 Checksum: | 2f4ee9bed61be407266d598449eaf105 |
|
| /// File Name: |
glsa-200605-01.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200605-01 - Xfocus Team discovered multiple integer overflows that may lead to a heap-based buffer overflow. Versions less than 1.0.20060415 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2948 | | Last Modified: | May 2 02:02:05 2006 |
| MD5 Checksum: | 7c6f5684e584cba01ec4c5addd941858 |
|
| /// File Name: |
glsa-200605-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200605-02 - X.Org miscalculates the size of a buffer in the XRender extension. Versions less than 6.8.2-r7 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2432 | | Last Modified: | May 5 06:27:09 2006 |
| MD5 Checksum: | b7bf68965ed713344b0e5fef789e29fe |
|
| /// File Name: |
glsa-200605-03.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200605-03 - Ulf Harnhammar and an anonymous German researcher discovered that Freshclam fails to check the size of the header data returned by a webserver. Versions less than 0.88.2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2494 | | Last Modified: | May 5 06:27:36 2006 |
| MD5 Checksum: | edd0f64b41448114ceac2a24db48614f |
|
| /// File Name: |
glsa-200605-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200605-04 - rgod has reported that the hub_dir parameter in index.php isn't properly verified. When magic_quotes_gpc is disabled, this can be exploited to include arbitrary files from local resources. Versions less than 0.10.2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2728 | | Last Modified: | May 5 06:27:57 2006 |
| MD5 Checksum: | 9f8b0258d08cc439e7c1dd09563dddfa |
|
| /// File Name: |
glsa-200605-05.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200605-05 - An integer overflow was found in the receive_xattr function from the extended attributes patch (xattr.c) for rsync. The vulnerable function is only present when the acl USE flag is set. Versions less than 2.6.8 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2791 | | Last Modified: | May 6 17:59:00 2006 |
| MD5 Checksum: | 16d674c3c70b0043059e552b75673328 |
|
| /// File Name: |
glsa-200605-06.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200605-06 - Martijn Wargers and Nick Mott discovered a vulnerability when rendering malformed JavaScript content. The Mozilla Firefox 1.0 line is not affected. Versions less than 1.5.0.3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3414 | | Last Modified: | May 6 18:22:01 2006 |
| MD5 Checksum: | c72616aceeade6d494b4f69d0fe74241 |
|
| /// File Name: |
glsa-200605-08.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200605-08 - Several vulnerabilities were discovered on PHP4 and PHP5 by Infigo, Tonu Samuel and Maksymilian Arciemowicz. These included a buffer overflow in the wordwrap() function, restriction bypasses in the copy() and tempname() functions, a cross-site scripting issue in the phpinfo() function, a potential crash in the substr_compare() function and a memory leak in the non-binary-safe html_entity_decode() function. Versions less than 5.1.4 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3527 | | Last Modified: | May 9 17:16:50 2006 |
| MD5 Checksum: | 1a49be41cdab1de7d4132988a0f38a76 |
|
| /// File Name: |
glsa-200605-09.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200605-09 - Several vulnerabilities were found and fixed in Mozilla Thunderbird. Versions less than 1.0.8 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 5241 | | Last Modified: | May 9 17:17:10 2006 |
| MD5 Checksum: | 9d346d3721538b88beac4708aa243a81 |
|
| /// File Name: |
glsa-200605-10.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200605-10 - The pdnsd team has discovered an unspecified buffer overflow vulnerability. The PROTOS DNS Test Suite, by the Oulu University Secure Programming Group (OUSPG), has also revealed a memory leak error within the handling of the QTYPE and QCLASS DNS queries, leading to consumption of large amounts of memory. Versions less than 1.2.4 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2794 | | Last Modified: | May 17 17:31:54 2006 |
| MD5 Checksum: | 900daf1602d0039d0f97882a378a742c |
|
| /// File Name: |
glsa-200605-11.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200605-11 - Ruby uses blocking sockets for WEBrick and XMLRPC servers. Versions less than 1.8.4-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2532 | | Last Modified: | May 17 17:32:00 2006 |
| MD5 Checksum: | e8ad98eadea703f883b04dcef7574cb8 |
|
| /// File Name: |
glsa-200605-12.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200605-12 - landser discovered a vulnerability within the remapShader command. Due to a boundary handling error in remapShader, there is a possibility of a buffer overflow. Versions less than 1.32c are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3185 | | Last Modified: | May 17 17:32:07 2006 |
| MD5 Checksum: | f7dd943268ecf61119584fb820f5c67a |
|
| /// File Name: |
glsa-200605-13.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200605-13 - The processing of the COM_TABLE_DUMP command by a MySQL server fails to properly validate packets that arrive from the client via a network socket. Versions less than 4.1.19 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3045 | | Last Modified: | May 17 17:32:14 2006 |
| MD5 Checksum: | b2ca69364a820fd3dee54092a1449d85 |
|
| /// File Name: |
glsa-200605-14.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200605-14 - Luigi Auriemma has found two heap-based buffer overflows in libextractor 0.5.13 and earlier: one of them occurs in the asf_read_header function in the ASF plugin, and the other occurs in the parse_trak_atom function in the Qt plugin. Versions less than 0.5.14 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2799 | | Last Modified: | May 22 03:25:58 2006 |
| MD5 Checksum: | 3216110d63f3abbacf3b035f472a40d2 |
|
| /// File Name: |
glsa-200605-15.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200605-15 - Konstantin V. Gavrilenko discovered two flaws in the Routing Information Protocol (RIP) daemon that allow the processing of RIP v1 packets (carrying no authentication) even when the daemon is configured to use MD5 authentication or, in another case, even if RIP v1 is completely disabled. Additionally, Fredrik Widell reported that the Border Gateway Protocol (BGP) daemon contains a flaw that makes it lock up and use all available CPU when a specific command is issued from the telnet interface. Versions less than 0.98.6-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3342 | | Last Modified: | May 22 03:26:25 2006 |
| MD5 Checksum: | a38e9d18f3849daa79e90015bb3d26ed |
|
| /// File Name: |
glsa-200606-07.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200605-07 - Sebastian Krahmer of the SuSE security team discovered a buffer overflow vulnerability in the handling of a negative HTTP Content-Length header. Versions less than 1.4 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2507 | | Last Modified: | May 9 16:25:21 2006 |
| MD5 Checksum: | 964cedadc7ca8a32a6a343daf7d3e023 |
|
| /// File Name: |
gnunet070d.txt |
Description:
|
GNUnet version 0.7.0d and below suffer from a UDP socket unreachable flaw that results in a denial of service condition.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | File Size: | 1826 | | Last Modified: | May 21 23:06:51 2006 |
| MD5 Checksum: | 9e03e588d715300c34629ba22be597ef |
|
| /// File Name: |
HackernetworkMail.txt |
Description:
|
Hackernetwork Mail suffers from XSS in the search parameter.
| | Author: | ajannhwt | | File Size: | 962 | | Last Modified: | May 26 18:13:44 2006 |
| MD5 Checksum: | b4f626249f8b4e3f0691cec28a533e8f |
|
| /// File Name: |
hiox.txt |
Description:
|
Hiox Guestbook version 3.1 is susceptible to cross site scripting attacks.
| | Author: | luny | | File Size: | 515 | | Last Modified: | May 23 04:15:29 2006 |
| MD5 Checksum: | 1d82c07264f86ab46963e4b915777afa |
|
| /// File Name: |
htmlsguestgear.txt |
Description:
|
html Guest Gear suffers from html injection and XSS.
| | Author: | pieisgdvgd | | File Size: | 422 | | Last Modified: | May 29 03:57:15 2006 |
| MD5 Checksum: | c5b0be96e2a2fce4e0a4ad609826ff16 |
|
| /// File Name: |
IBMWebsphere.txt |
Description:
|
Some vulnerabilities have been reported in IBM WebSphere Application Server, where some have unknown impacts and others may disclose sensitive information or bypass certain security restrictions.
| | Homepage: | http://www-1.ibm.com | | File Size: | 2017 | | Last Modified: | May 17 18:56:20 2006 |
| MD5 Checksum: | 918346e97158674df827c69cae766884 |
|
| /// File Name: |
iBoutique.MALL.txt |
Description:
|
iBoutique.MALL suffers from a directory transversal vulnerability in the function variable.
| | Author: | luny | | File Size: | 435 | | Last Modified: | May 29 03:10:28 2006 |
| MD5 Checksum: | 05fe49494d505c07278e8cc5d2b8db62 |
|
| /// File Name: |
ICQ-xas.txt |
Description:
|
Under some conditions, the ICQ client is vulnerable to remote script injection into the My Computer Security Zone of the Internet Explorer component used to display advertisement banners.
| | Author: | 3APA3A | | Homepage: | http://www.security.nnov.ru/ | | File Size: | 2361 | | Last Modified: | May 17 18:18:12 2006 |
| MD5 Checksum: | ff15c418248e0cb7fa4723a80a1026fd |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
